
[FAQ] Setup an openLDAP server

Polycom Employee & Community Manager


The below is a combination of the "official" Polycom Technical Bulletin => here <= and a Wiki post => here <= (THX to the Author !)

 

NOTE: The below instructions expect some kind of Linux command line knowledge!

 

  • Install slapd and ldap-utils

    apt-get install slapd ldap-utils
  • Reconfigure slapd

    dpkg-reconfigure -plow slapd

The above will prompt you to answer a few configuration questions.

 

  • Omit OpenLDAP server configuration? No
  • DNS domain name: sbaierhome <= my example change to suit your setup
  • Organization name: Polycom <= my example change to suit your setup
  • Administrator password: T3ch!ab <= my example change to suit your setup
  • Database backend to use: HDB
  • Do you want the database to be removed when slapd is purged?: Yes (I actually had to purge once, so this makes for a clean start)
  • Move old database: Yes (If you reconfigure a second time, it will complain that there's already a backup-file in /var/backups/*.ldapd and reconfiguration will fail - it's safe to delete this file, then restart reconfiguration)
  • Allow LDAPv2 protocol?: No

As described in the Polycom Guide, as follows:

 

  • By default, the Open LDAP server is not configured to support the phone LDAP client’s search operation (<= for less than or equal to, >= for greater than or equal to). The Open LDAP server’s core.schema file has to be modified to add ORDERING caseIgnoreOrderingMatch in both the object class surname and givenname. Once changes are made, the LDAP service must be restarted for changes to take effect.

We stop the newly installed LDAP server

 

/etc/init.d/slapd stop

 

We now Edit the relevant file

 

NOTE: Since VVX UC Software 5.7.0 or Trio UC Software 5.7.1 the below 2 modifications are no longer required as the Polycom phone now has a new parameter:

 

<test dir.corp.serverSortNotSupported="1" />

Only required for UC Software 5.6.x or older

 

nano /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\=\{0\}core.ldif

 

 

The following line

 

 

olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name )

needs to be appended as 

 

olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch)

and in addition

 

olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name )

needs to be appended as 

 

 

 

olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch)

 

 

You store the modified file via CTRL-O and leave the file via CTRL-X

 

Once the above has been actioned, we start the LDAP again

 

 

/etc/init.d/slapd start

 

 

Adding example Data to the LDAP Server

 

 

cd
mkdir directory_files
cd directory_files

The above directory_files subdirectory is the destination for the openLDAP ldif-files with the content we want to add to LDAP

 

 

First we create an OrganizationUnit called "people" which will hold the user account utilized by phone to authenticate towards the openLDAP.

 

 

nano people.ldif

Copy and paste the below into the new window, store the modified file via CTRL-O and leave the file via CTRL-X

 

 

 

# my example; change to suit your setup
dn: ou=people,dc=sbaierhome
ou: people
description: holds users of the directory
objectClass: organizationalUnit

Now we create the actual User polycom and add him to the OrganizationUnit called "people"

 

 

nano polycom_user.ldif

Copy and paste the below into the new window, store the modified file via CTRL-O and leave the file via CTRL-X

 

 

# my example; change to suit your setup
dn: uid=polycom,ou=people,dc=sbaierhome
changetype: add
displayName: polycom
cn: polycom
givenname: polycom
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
uid: polycom
sn: polycom
# my example; change to suit your setup
userPassword: T3ch!ab

 

Now we add an OrganizationUnit called "contacts" which will hold the Contacts that we want to be able to search via the openLDAP.

 

 

nano contacts.ldif

Copy and paste the below into the new window, store the modified file via CTRL-O and leave the file via CTRL-X

 

 

 

# my example; change to suit your setup
dn: ou=contacts,dc=sbaierhome
ou: contacts
description: lists all contacts
objectClass: organizationalUnit

The last piece is some Data for the openLDAP that we can search for

 

 

 

nano phonebook.ldif

The above creates the actual phonebook.ldif file.

 

Option 1 Single Entry Example:

 

The below example adds a single openLDAP Directory Entry with the name John Doe. It adds a corporation name and a Phone number

 

# my example; change to suit your setup
dn: cn=John Doe,ou=contacts,dc=sbaierhome
changetype: add
givenName: John
sn: Doe
cn: John Doe
o: ACME Corporation
telephoneNumber: 0043123456789
objectClass: inetOrgPerson
objectClass: top

 

Copy and paste the above into the new window, store the modified file via CTRL-O and leave the file via CTRL-X

 

Option 2 Multiple Entry Example:

 

Create a CSV File containing the following example:

 


 

First Name, Last Name, Email, Username, Phone Number or IP

 

Note: I have added an example file containing 1500 random names

 

On the Linux machine:

 

 

nano 1500ExampleNames.csv

 

 

Now paste the data you want to use into the new 1500ExampleNames.csv file and store the modified file via CTRL-O and leave the file via CTRL-X

 

 

cat 1500ExampleNames.csv | awk -F "," '{print "dn: cn="$1" "$2",ou=contacts,dc=sbaierhome\nobjectClass: inetOrgPerson\nobjectClass: top\ncn: "$1" "$2"\nsn: "$2"\nuid: "$4"\nmail: "$3"\ngivenName: "$1"\ntelephoneNumber: "$5"\n"}' > phonebook.ldif

 

 

 

Final Steps:

 

Now we just need to parse the above created files into openLDAP.

 

Note: Remember to change the password to your own (in our example T3ch!ab). In addition, remember to change to your own domain (in our example sbaierhome).

 

  • ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f people.ldif
  • ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f polycom_user.ldif
  • ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f contacts.ldif
  • ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f phonebook.ldif

 

 




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
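
A stricter take on the Option 2 CSV conversion, as an added example that is not part of the original post: it escapes DN special characters per RFC 4514, base64-encodes values that RFC 2849 does not allow as plain text, and skips the header row and malformed rows. The function names and the sample rows are constructed for illustration; the column order and the base DN follow the post.

```python
import base64
import csv
import io

BASE_DN = "ou=contacts,dc=sbaierhome"  # the page's example suffix; change to suit

# Constructed sample in the page's column order:
# First Name, Last Name, Email, Username, Phone Number or IP
SAMPLE_CSV = '''First Name, Last Name, Email, Username, Phone Number or IP
John, Doe, john.doe@example.com, jdoe, 0043123456789
Jane, "Doe, Jr.", jane.doe@example.com, jdoe2, 0043123456790
Zoë, Müller, zoe.mueller@example.com, zmueller, 10.0.0.15
'''

def escape_rdn_value(value):
    """Escape a string for use as a value inside a DN (RFC 4514)."""
    s = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    if s[:1] in (" ", "#"):
        s = "\\" + s
    if len(value) > 1 and value.endswith(" "):
        s = s[:-1] + "\\ "
    return s.replace("\0", "\\00")

def ldif_attr(attr, value):
    """Build one LDIF line; base64 ('::') what RFC 2849 forbids as plain text."""
    unsafe = (not value.isascii() or any(c in value for c in "\0\r\n")
              or value[:1] in (" ", ":", "<") or value.endswith(" "))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def csv_to_ldif(csv_text, base_dn=BASE_DN):
    """Convert the CSV to LDIF add records, skipping the header and malformed rows."""
    entries = []
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if len(row) != 5 or not (row[0] and row[1]) or row[0].lower() == "first name":
            continue
        first, last, mail, uid, phone = row
        cn = f"{first} {last}"
        lines = [ldif_attr("dn", f"cn={escape_rdn_value(cn)},{base_dn}"),
                 "changetype: add", "objectClass: inetOrgPerson", "objectClass: top"]
        pairs = (("cn", cn), ("sn", last), ("givenName", first),
                 ("uid", uid), ("mail", mail), ("telephoneNumber", phone))
        lines += [ldif_attr(a, v) for a, v in pairs if v]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV), end="")
```

Redirect the output to phonebook.ldif and load it with the same ldapadd command used for the other files.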
1 REPLY 1
Polycom Employee & Community Manager

Re: [FAQ] Setup an openLDAP server

The Polycom Phone Configuration is as follows:

 

 

<WEB	feature.corporateDirectory.enabled="1"
		dir.corp.address="10.252.149.122"
		dir.corp.autoQuerySubmitTimeout="1"
		dir.corp.backGroundSync.period="3600"
		dir.corp.baseDN="ou=contacts,dc=sbaierhome"
		dir.corp.cacheSize="128"
		dir.corp.filterPrefix=""
		dir.corp.pageSize="32"
		dir.corp.port="389"
		dir.corp.scope="sub"
		dir.corp.transport="TCP"
		dir.corp.user="uid=polycom,ou=people,dc=sbaierhome"
		dir.corp.password="T3ch!ab"
		dir.corp.viewPersistence="0"
		dir.corp.vlv.allow="1"
		dir.corp.vlv.sortOrder="sn givenName telephoneNumber"
		dir.corp.attribute.1.filter=""
		dir.corp.attribute.2.filter=""
		dir.corp.attribute.3.filter=""
		dir.corp.attribute.4.filter=""
		dir.corp.attribute.1.label="last name"
		dir.corp.attribute.2.label="first name"
		dir.corp.attribute.3.label="phone number"
		dir.corp.attribute.4.label="company name"
		dir.corp.attribute.1.name="sn"
		dir.corp.attribute.2.name="givenName"
		dir.corp.attribute.3.name="telephoneNumber"
		dir.corp.attribute.4.name="o"
		dir.corp.attribute.1.searchable="1"
		dir.corp.attribute.2.searchable="1"
		dir.corp.attribute.3.searchable="0"
		dir.corp.attribute.4.searchable="1"
		dir.corp.attribute.1.sticky="0"
		dir.corp.attribute.2.sticky="0"
		dir.corp.attribute.3.sticky="0"
		dir.corp.attribute.4.sticky="0"
		dir.corp.attribute.1.type="last_name"
		dir.corp.attribute.2.type="first_name"
		dir.corp.attribute.3.type="phone_number"
		dir.corp.attribute.4.type="other" />

 

 

Once the above was successful, the Phone can connect:

 

010736.115|ldap |*|00|Initial log entry. Current logging level 0
010736.116|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389>
010736.116|ldap |3|00|ldapCfg::getConnParams:m_pHost=<ldap://10.252.149.122> m_fullAddr=<ldap://10.252.149.122> m_priSrv=<(null)> port=<389> trans=<0>
010736.116|ldap |1|00|ldapCfg::getBufsSize:m_xferSize=<32> m_cacheSize=<128> (m_secCacheSize=<128>)
010736.117|ldap |1|00|ldapCfg::createUtfTable:Loading default UTF settings
010736.117|ldap |1|00|ldapCfg::showUtfTable:createUtfTable
010736.117|ldap |1|00|ldapCfg::showUtfTable:utfsubset[0]=<0> ,<zz>
010736.117|ldap |1|00|cDynamicData::cDynamicData:m_circSize=<128> m_lowMark=<32>
010736.163|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub
010752.593|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389>
010752.593|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389>
010752.593|ldap |4|00|cDynamicData::activate:cDynamicData::activate() m_pCfg->lookupHost() = 1
010752.594|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub
010752.642|ldap |1|00|ldapData::queryResults:Sort-No Persist-No VLV-No
010752.643|ldap |1|00|ldapCfg::show:<LDAP configuration:> status=<1>
010752.643|ldap |1|00|   <server version=3> <sort:ctrl=0x1-cfg=0x0> <vlv=No> <vrCrt=Yes>
010752.643|ldap |1|00|   <host=ldap://10.252.149.122> <pfix=ldap://> <port=389> <trans=tcp> <bindOnInit=Yes>
010752.643|ldap |1|00|   <baseDN=ou=contacts,dc=sbaierhome> <filterPrefix=> <sortOrder=sn givenName telephoneNumber> <invSortOrder=NULL>
010752.643|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt
010752.643|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt
010752.643|ldap |1|00|   <attrib=sn,givenName,telephoneNumber,o><sub></ffs0/ca1.crt>
010752.644|ldap |1|00|   <persistView=No> <persistSearch=No>
010752.644|ldap |1|00|   <backgroundSyncPeriod=0> <autoQuerySubmitTimeout=1>
010752.644|ldap |1|00|   <domain=NULL> <user=uid=polycom,ou=people,dc=sbaierhome> <pass=***>
010752.644|ldap |1|00|ldapCfg::getSSLv2v3Enabled:LDAP:SSLv2v3 Enabled = 0
010752.644|ldap |1|00|   <SSLv2v3Enabled=0>
010752.644|ldap |1|00|ldapCfg::showAttr:   Attributes:
010752.644|ldap |1|00|ldapCfg::showAttr:   [0] <name=sn><label=last name><type=last_name><filter=><sticky=No><srch=Yes>
010752.644|ldap |1|00|ldapCfg::showAttr:   [1] <name=givenName><label=first name><type=first_name><filter=><sticky=No><srch=Yes>
010752.644|ldap |1|00|ldapCfg::showAttr:   [2] <name=telephoneNumber><label=phone number><type=phone_number><filter=><sticky=No><srch=No>
010752.644|ldap |1|00|ldapCfg::showAttr:   [3] <name=o><label=company name><type=other><filter=><sticky=No><srch=Yes>
010752.676|ldap |1|00|ldapQueryNoSort::setQLimits:1::<UP> m_curSubset=<0/1>
010752.676|ldap |1|00|ldapEntry::show:setQLimits 1::top <0>
010752.676|ldap |1|00|ldapEntry::show:setQLimits 1::bot <zz>
010752.676|ldap |1|00|cDynamicData::finalizeInit:finalizeInit state=<4>

 

and Search openLDAP

 

 

0825150001|ldap |1|00|ldapQueryNoSort::setQLimits:1::<UP> m_curSubset=<0/1>
0825150001|ldap |1|00|ldapEntry::show:setQLimits 1::top <0>
0825150001|ldap |1|00|ldapEntry::show:setQLimits 1::bot <zz>
0825150001|ldap |1|00|ldapQueryNoSort::assmCondition:...1
0825150001|ldap |1|00|ldapQueryNoSort::fillQuery:qDepth=<1> same=<0> incl=<Yes>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevTop <0>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevBot <zz>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::top <>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::bot <>
0825150001|ldap |1|00|ldapQueryNoSort::isQueryValid:status=<1> top=<0> bot=<zz> sel=<>
0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter OK <(&(sn%3E=0)(sn%3C=zz)(|(sn=Do*)(givenName=Do*)(o=Do*)))>
0825150001|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub
0825150001|ldap |1|00|ldapData::runSearch:dir=<DOWN> reverse=<No> index=<OFF> filter=<(&(sn>=0)(sn<=zz)(|(sn=Do*)(givenName=Do*)(o=Do*)))>
0825150001|ldap |0|00|ldapEntry::show:->new: <Doe>
0825150001|ldap |1|00|ldapEntry::iCmpEntry: 'Doe,John' > ','
0825150001|ldap |1|00|cDynamicData::dataReady:total=1-process
0825150001|ldap |1|00|ldapEntry::show:getNext::top <Doe>
0825150001|ldap |1|00|ldapEntry::show:getNext::bot <zz>
0825150001|ldap |1|00|ldapQueryNoSort::getNewLimits:status=<1>
0825150001|ldap |1|00|ldapEntry::iCmpEntry: 'Doe,John' > '0,'
0825150001|ldap |1|00|ldapQueryNoSort::fillQuery:qDepth=<1> same=<0> incl=<No>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevTop <Doe>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevBot <zz>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::top <Doe>
0825150001|ldap |1|00|ldapEntry::show:fillQuery::bot <Doe>
0825150001|ldap |1|00|ldapQueryNoSort::isQueryValid:status=<1> top=<Doe> bot=<zz> sel=<>
0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter OK <(&(sn%3E=Doe)(sn%3C=zz)(|(!(sn=Doe))(!(givenName%3C=John)))(!(sn=Doe))(|(sn=Do*)(givenName=Do*)(o=Do*)))>
0825150001|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub
0825150001|ldap |1|00|ldapData::runSearch:dir=<DOWN> reverse=<No> index=<OFF> filter=<(&(sn>=Doe)(sn<=zz)(|(!(sn=Doe))(!(givenName<=John)))(!(sn=Doe))(|(sn=Do*)(givenName=Do*)(o=Do*)))>
0825150001|ldap |1|00|cDynamicData::dataReady:total=0-restart
0825150001|ldap |1|00|ldapQueryNoSort::getNewLimits:status=<0>
0825150001|ldap |1|00|ldapQueryNoSort::assmCondition:cannot create query=<(&> <DOWN>
0825150001|ldap |0|00|ldapQuery::assmQuery:assmCondition error numC=<-1>
0825150001|ldap |0|00|ldapQuery::assmQuery:query cleared & released
0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter NOK <>

 

Adding a GUI to openLDAP

 

 

The phpLDAPAdmin can be used to add a graphical user interface to the openLDAP ( source => here <= )

 

Installing the GUI

 

sudo apt-get install phpldapadmin

 

In order to run the Web Interface we need to modify some sections of the configuration

 

sudo nano /etc/phpldapadmin/config.php

The following lines need changing:

 

$servers->setValue('server','host','domain_name_or_IP_address');

Change the above to the FQDN or IP address of the Linux machine that has openLDAP installed

 

Then

 

$servers->setValue('server','base',array('dc=test,dc=com'));

into

 

$servers->setValue('server','base',array('dc=sbaierhome'));

and

 

$servers->setValue('login','bind_id','cn=admin,dc=test,dc=com');

into

 

$servers->setValue('login','bind_id','cn=admin,dc=sbaierhome');

and search for the line containing hide_template_warning, remove the // in front of the line to uncomment it, and change false into true

 

$config->custom->appearance['hide_template_warning'] = true;

Press CTRL-O to store and then CTRL-X to exit.

 

You can now Log In via the Web Interface by using the FQDN or IP address/phpldapadmin

 


 

 

The Password based on above example is T3ch!ab



